CVE-2012-2113 - Numeric Errors vulnerability in Libtiff

CVSS 0.0 - NONE
Attack vector: UNKNOWN
Attack complexity: UNKNOWN
Privileges required: UNKNOWN
Confidentiality impact: UNKNOWN
Integrity impact: UNKNOWN
Availability impact: UNKNOWN

Summary

Multiple integer overflows in tiff2pdf in libtiff before 4.0.2 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow.

Common Weakness Enumeration (CWE)

Nessus

  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-1498-1.NASL
    description: It was discovered that the TIFF library incorrectly handled certain malformed TIFF images. If a user or automated system were tricked into opening a specially crafted TIFF image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. (CVE-2012-2088) It was discovered that the tiff2pdf utility incorrectly handled certain malformed TIFF images. If a user or automated system were tricked into opening a specially crafted TIFF image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges. (CVE-2012-2113). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 59856
    published: 2012-07-06
    reporter: Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/59856
    title: Ubuntu 8.04 LTS / 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : tiff vulnerabilities (USN-1498-1)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-1498-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(59856);
      script_version("1.11");
      script_cvs_date("Date: 2019/09/19 12:54:28");
    
      script_cve_id("CVE-2012-2088", "CVE-2012-2113");
      script_bugtraq_id(54076, 54270);
      script_xref(name:"USN", value:"1498-1");
    
      script_name(english:"Ubuntu 8.04 LTS / 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : tiff vulnerabilities (USN-1498-1)");
      script_summary(english:"Checks dpkg output for updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Ubuntu host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "It was discovered that the TIFF library incorrectly handled certain
    malformed TIFF images. If a user or automated system were tricked into
    opening a specially crafted TIFF image, a remote attacker could crash
    the application, leading to a denial of service, or possibly execute
    arbitrary code with user privileges. (CVE-2012-2088)
    
    It was discovered that the tiff2pdf utility incorrectly handled
    certain malformed TIFF images. If a user or automated system were
    tricked into opening a specially crafted TIFF image, a remote attacker
    could crash the application, leading to a denial of service, or
    possibly execute arbitrary code with user privileges. (CVE-2012-2113).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/1498-1/"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected libtiff-tools and / or libtiff4 packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libtiff-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libtiff4");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:10.04:-:lts");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:11.04");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:11.10");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:12.04:-:lts");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:8.04:-:lts");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2012/07/22");
      script_set_attribute(attribute:"patch_publication_date", value:"2012/07/05");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/07/06");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(8\.04|10\.04|11\.04|11\.10|12\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 8.04 / 10.04 / 11.04 / 11.10 / 12.04", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    flag = 0;
    
    if (ubuntu_check(osver:"8.04", pkgname:"libtiff-tools", pkgver:"3.8.2-7ubuntu3.12")) flag++;
    if (ubuntu_check(osver:"8.04", pkgname:"libtiff4", pkgver:"3.8.2-7ubuntu3.12")) flag++;
    if (ubuntu_check(osver:"10.04", pkgname:"libtiff-tools", pkgver:"3.9.2-2ubuntu0.9")) flag++;
    if (ubuntu_check(osver:"10.04", pkgname:"libtiff4", pkgver:"3.9.2-2ubuntu0.9")) flag++;
    if (ubuntu_check(osver:"11.04", pkgname:"libtiff-tools", pkgver:"3.9.4-5ubuntu6.2")) flag++;
    if (ubuntu_check(osver:"11.04", pkgname:"libtiff4", pkgver:"3.9.4-5ubuntu6.2")) flag++;
    if (ubuntu_check(osver:"11.10", pkgname:"libtiff-tools", pkgver:"3.9.5-1ubuntu1.2")) flag++;
    if (ubuntu_check(osver:"11.10", pkgname:"libtiff4", pkgver:"3.9.5-1ubuntu1.2")) flag++;
    if (ubuntu_check(osver:"12.04", pkgname:"libtiff-tools", pkgver:"3.9.5-2ubuntu1.1")) flag++;
    if (ubuntu_check(osver:"12.04", pkgname:"libtiff4", pkgver:"3.9.5-2ubuntu1.1")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libtiff-tools / libtiff4");
    }
    
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2012-10081.NASL
    description: Update to libtiff 3.9.6, and add patches for CVE-2012-2088, CVE-2012-2113 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-03-17
    modified: 2012-07-16
    plugin id: 59972
    published: 2012-07-16
    reporter: This script is Copyright (C) 2012-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/59972
    title: Fedora 17 : libtiff-3.9.6-1.fc17 (2012-10081)
  • NASL family: Solaris Local Security Checks
    NASL id: SOLARIS11_LIBTIFF_20120821.NASL
    description: The remote Solaris system is missing necessary patches to address security updates : - Integer signedness error in the TIFFReadDirectory function in tif_dirread.c in libtiff 3.9.4 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a negative tile depth in a tiff image, which triggers an improper conversion between signed and unsigned types, leading to a heap-based buffer overflow. (CVE-2012-2088) - Multiple integer overflows in tiff2pdf in libtiff before 4.0.2 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow. (CVE-2012-2113)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 80680
    published: 2015-01-19
    reporter: This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/80680
    title: Oracle Solaris Third-Party Patch Update : libtiff (cve_2012_2088_denial_of)
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2012-1054.NASL
    description: Updated libtiff packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files. libtiff did not properly convert between signed and unsigned integer values, leading to a buffer overflow. An attacker could use this flaw to create a specially crafted TIFF file that, when opened, would cause an application linked against libtiff to crash or, possibly, execute arbitrary code. (CVE-2012-2088) Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the tiff2pdf tool. An attacker could use these flaws to create a specially crafted TIFF file that would cause tiff2pdf to crash or, possibly, execute arbitrary code. (CVE-2012-2113) All libtiff users should upgrade to these updated packages, which contain backported patches to resolve these issues. All running applications linked against libtiff must be restarted for this update to take effect.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 59844
    published: 2012-07-05
    reporter: This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/59844
    title: RHEL 5 / 6 : libtiff (RHSA-2012:1054)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_LIBTIFF-8199.NASL
    description: The following issue has been fixed : - Specially crafted tiff files could have caused overflows in libtiff. (CVE-2012-2088 / CVE-2012-2113)
    last seen: 2020-06-05
    modified: 2012-07-20
    plugin id: 60077
    published: 2012-07-20
    reporter: This script is Copyright (C) 2012-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/60077
    title: SuSE 10 Security Update : libtiff (ZYPP Patch Number 8199)
  • NASL family: Slackware Local Security Checks
    NASL id: SLACKWARE_SSA_2013-290-01.NASL
    description: New libtiff packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37, 14.0, and -current to fix security issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 70499
    published: 2013-10-20
    reporter: This script is Copyright (C) 2013 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/70499
    title: Slackware 12.1 / 12.2 / 13.0 / 13.1 / 13.37 / 14.0 / current : libtiff (SSA:2013-290-01)
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DSA-2552.NASL
    description: Several vulnerabilities were discovered in TIFF, a library set and tools to support the Tag Image File Format (TIFF), allowing denial of service and potential privilege escalation. These vulnerabilities can be exploited via a specially crafted TIFF image. - CVE-2012-2113 The tiff2pdf utility has an integer overflow error when parsing images. - CVE-2012-3401 Huzaifa Sidhpurwala discovered heap-based buffer overflow in the t2p_read_tiff_init() function. - CVE-2010-2482 An invalid td_stripbytecount field is not properly handled and can trigger a NULL pointer dereference. - CVE-2010-2595 An array index error, related to
    last seen: 2020-03-17
    modified: 2012-09-27
    plugin id: 62317
    published: 2012-09-27
    reporter: This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/62317
    title: Debian DSA-2552-1 : tiff - several vulnerabilities
  • NASL family: Mandriva Local Security Checks
    NASL id: MANDRIVA_MDVSA-2012-101.NASL
    description: Multiple vulnerabilities have been discovered and corrected in libtiff : libtiff did not properly convert between signed and unsigned integer values, leading to a buffer overflow. An attacker could use this flaw to create a specially crafted TIFF file that, when opened, would cause an application linked against libtiff to crash or, possibly, execute arbitrary code (CVE-2012-2088). Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the tiff2pdf tool. An attacker could use these flaws to create a specially crafted TIFF file that would cause tiff2pdf to crash or, possibly, execute arbitrary code (CVE-2012-2113). The updated packages have been patched to correct these issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 59843
    published: 2012-07-05
    reporter: This script is Copyright (C) 2012-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/59843
    title: Mandriva Linux Security Advisory : libtiff (MDVSA-2012:101)
  • NASL family: CentOS Local Security Checks
    NASL id: CENTOS_RHSA-2012-1054.NASL
    description: Updated libtiff packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files. libtiff did not properly convert between signed and unsigned integer values, leading to a buffer overflow. An attacker could use this flaw to create a specially crafted TIFF file that, when opened, would cause an application linked against libtiff to crash or, possibly, execute arbitrary code. (CVE-2012-2088) Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the tiff2pdf tool. An attacker could use these flaws to create a specially crafted TIFF file that would cause tiff2pdf to crash or, possibly, execute arbitrary code. (CVE-2012-2113) All libtiff users should upgrade to these updated packages, which contain backported patches to resolve these issues. All running applications linked against libtiff must be restarted for this update to take effect.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 59838
    published: 2012-07-05
    reporter: This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/59838
    title: CentOS 5 / 6 : libtiff (CESA-2012:1054)
  • NASL family: Scientific Linux Local Security Checks
    NASL id: SL_20120703_LIBTIFF_ON_SL5_X.NASL
    description: The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files. libtiff did not properly convert between signed and unsigned integer values, leading to a buffer overflow. An attacker could use this flaw to create a specially crafted TIFF file that, when opened, would cause an application linked against libtiff to crash or, possibly, execute arbitrary code. (CVE-2012-2088) Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the tiff2pdf tool. An attacker could use these flaws to create a specially crafted TIFF file that would cause tiff2pdf to crash or, possibly, execute arbitrary code. (CVE-2012-2113) All libtiff users should upgrade to these updated packages, which contain backported patches to resolve these issues. All running applications linked against libtiff must be restarted for this update to take effect.
    last seen: 2020-03-18
    modified: 2015-06-01
    plugin id: 83916
    published: 2015-06-01
    reporter: This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/83916
    title: Scientific Linux Security Update : libtiff on SL5.x, SL6.x i386/x86_64 (20120703)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_11_LIBTIFF-DEVEL-120622.NASL
    description: The following issue has been fixed : - Specially crafted tiff files could have caused overflows in libtiff. (CVE-2012-2088 / CVE-2012-2113)
    last seen: 2020-06-05
    modified: 2013-01-25
    plugin id: 64197
    published: 2013-01-25
    reporter: This script is Copyright (C) 2013-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/64197
    title: SuSE 11.1 Security Update : libtiff (SAT Patch Number 6475)
  • NASL family: Oracle Linux Local Security Checks
    NASL id: ORACLELINUX_ELSA-2012-1054.NASL
    description: From Red Hat Security Advisory 2012:1054 : Updated libtiff packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files. libtiff did not properly convert between signed and unsigned integer values, leading to a buffer overflow. An attacker could use this flaw to create a specially crafted TIFF file that, when opened, would cause an application linked against libtiff to crash or, possibly, execute arbitrary code. (CVE-2012-2088) Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the tiff2pdf tool. An attacker could use these flaws to create a specially crafted TIFF file that would cause tiff2pdf to crash or, possibly, execute arbitrary code. (CVE-2012-2113) All libtiff users should upgrade to these updated packages, which contain backported patches to resolve these issues. All running applications linked against libtiff must be restarted for this update to take effect.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 68572
    published: 2013-07-12
    reporter: This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/68572
    title: Oracle Linux 5 / 6 : libtiff (ELSA-2012-1054)
  • NASL family: Mandriva Local Security Checks
    NASL id: MANDRIVA_MDVSA-2013-046.NASL
    description: Updated libtiff packages fix security vulnerabilities : libtiff did not properly convert between signed and unsigned integer values, leading to a buffer overflow. An attacker could use this flaw to create a specially crafted TIFF file that, when opened, would cause an application linked against libtiff to crash or, possibly, execute arbitrary code (CVE-2012-2088). Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the tiff2pdf tool. An attacker could use these flaws to create a specially crafted TIFF file that would cause tiff2pdf to crash or, possibly, execute arbitrary code (CVE-2012-2113). Huzaifa Sidhpurwala discovered that the tiff2pdf utility incorrectly handled certain malformed TIFF images. If a user or automated system were tricked into opening a specially crafted TIFF image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges (CVE-2012-3401). It was discovered that a buffer overflow in libtiff
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 66060
    published: 2013-04-20
    reporter: This script is Copyright (C) 2013-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/66060
    title: Mandriva Linux Security Advisory : libtiff (MDVSA-2013:046)
  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2012-361.NASL
    description: - fixing multiple integer overflows : - CVE-2012-2113 [bnc#767852] - CVE-2012-2088 [bnc#767854]
    last seen: 2020-06-05
    modified: 2014-06-13
    plugin id: 74663
    published: 2014-06-13
    reporter: This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/74663
    title: openSUSE Security Update : tiff (openSUSE-SU-2012:0829-1)
  • NASL family: Gentoo Local Security Checks
    NASL id: GENTOO_GLSA-201209-02.NASL
    description: The remote host is affected by the vulnerability described in GLSA-201209-02 (libTIFF: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in libTIFF. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to open a specially crafted TIFF file with an application making use of libTIFF, possibly resulting in execution of arbitrary code with the privileges of the user running the application or a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 62235
    published: 2012-09-24
    reporter: This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/62235
    title: GLSA-201209-02 : libTIFF: Multiple vulnerabilities
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2012-10089.NASL
    description: Update to libtiff 3.9.6, and add patches for CVE-2012-2088, CVE-2012-2113 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-03-17
    modified: 2012-07-16
    plugin id: 59973
    published: 2012-07-16
    reporter: This script is Copyright (C) 2012-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/59973
    title: Fedora 16 : libtiff-3.9.6-1.fc16 (2012-10089)
  • NASL family: Amazon Linux Local Security Checks
    NASL id: ALA_ALAS-2012-106.NASL
    description: libtiff did not properly convert between signed and unsigned integer values, leading to a buffer overflow. An attacker could use this flaw to create a specially crafted TIFF file that, when opened, would cause an application linked against libtiff to crash or, possibly, execute arbitrary code. (CVE-2012-2088) Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the tiff2pdf tool. An attacker could use these flaws to create a specially crafted TIFF file that would cause tiff2pdf to crash or, possibly, execute arbitrary code. (CVE-2012-2113)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 69596
    published: 2013-09-04
    reporter: This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/69596
    title: Amazon Linux AMI : libtiff (ALAS-2012-106)

Redhat

advisories
bugzilla
id: 832864
title: CVE-2012-2088 libtiff: Type conversion flaw leading to heap-buffer overflow
oval
OR
  • comment: Red Hat Enterprise Linux must be installed
    oval: oval:com.redhat.rhba:tst:20070304026
  • AND
    • comment: Red Hat Enterprise Linux 5 is installed
      oval: oval:com.redhat.rhba:tst:20070331005
    • OR
      • AND
        • comment: libtiff is earlier than 0:3.8.2-15.el5_8
          oval: oval:com.redhat.rhsa:tst:20121054001
        • comment: libtiff is signed with Red Hat redhatrelease key
          oval: oval:com.redhat.rhsa:tst:20080847002
      • AND
        • comment: libtiff-devel is earlier than 0:3.8.2-15.el5_8
          oval: oval:com.redhat.rhsa:tst:20121054003
        • comment: libtiff-devel is signed with Red Hat redhatrelease key
          oval: oval:com.redhat.rhsa:tst:20080847004
  • AND
    • comment: Red Hat Enterprise Linux 6 is installed
      oval: oval:com.redhat.rhba:tst:20111656003
    • OR
      • AND
        • comment: libtiff-devel is earlier than 0:3.9.4-6.el6_3
          oval: oval:com.redhat.rhsa:tst:20121054006
        • comment: libtiff-devel is signed with Red Hat redhatrelease2 key
          oval: oval:com.redhat.rhsa:tst:20110318014
      • AND
        • comment: libtiff is earlier than 0:3.9.4-6.el6_3
          oval: oval:com.redhat.rhsa:tst:20121054008
        • comment: libtiff is signed with Red Hat redhatrelease2 key
          oval: oval:com.redhat.rhsa:tst:20110318016
      • AND
        • comment: libtiff-static is earlier than 0:3.9.4-6.el6_3
          oval: oval:com.redhat.rhsa:tst:20121054010
        • comment: libtiff-static is signed with Red Hat redhatrelease2 key
          oval: oval:com.redhat.rhsa:tst:20110318012
rhsa
id: RHSA-2012:1054
released: 2012-07-03
severity: Important
title: RHSA-2012:1054: libtiff security update (Important)
rpms
  • libtiff-0:3.8.2-15.el5_8
  • libtiff-0:3.9.4-6.el6_3
  • libtiff-debuginfo-0:3.8.2-15.el5_8
  • libtiff-debuginfo-0:3.9.4-6.el6_3
  • libtiff-devel-0:3.8.2-15.el5_8
  • libtiff-devel-0:3.9.4-6.el6_3
  • libtiff-static-0:3.9.4-6.el6_3